GitHub Copilot MCP uses OAuth 2.0 Protected Resource Metadata (RFC 9728). When [moo](https://moo.pcarrier.com) tries to discover the OAuth endpoints, it: - Fetches https://api.githubcopilot.com/.well-known/oauth-protected-resource/mcp/insiders - Gets `authorization_servers: ["https://github.com/login/oauth"]` - Tries https://github.com/login/oauth/.well-known/oauth-authorization-server - Gets 404 — GitHub doesn't publish OAuth Authorization Server Metadata.
GitHub Copilot MCP uses OAuth 2.0 Protected Resource Metadata (RFC 9728). When moo tries to discover the OAuth endpoints, it:
authorization_servers: ["https://github.com/login/oauth"]